One question that I get a lot, whether it’s from students, current or hopeful IT folks or just curious folks who wonder how one gets into this line of work, is “How do / can I get started hacking?” or “How do / can I get started on the red team?”. I’ve heard tons of […]
I had a conversation a few days ago that highlighted an interesting similarity between offensive security and, oddly enough, baby pictures. The conversation was with a photographer who worked extensively with families (family portraits, baby pictures, etc.). The photographer mentioned that they offer a package for parents to get pictures of their babies at newborn, […]
On 22 March 2018, the public learned of a ransomware attack in the City of Atlanta information systems. The City of Atlanta held a press conference soon after the news broke and multiple news outlets covered the incident. In this article, I don’t want to re-hash the information already presented but rather highlight a few […]
Thursday morning (22 March, 2018), the City of Atlanta’s computer systems fell victim to what’s being called a ‘cyber attack’. According to the information that we’ve seen thus far, the attack is apparently a ransomware attack demanding payment in exchange for the decryption keys to unlock the affected data. According to news articles, local, state […]
According to this article from Threatpost, a new malware nicknamed FIN7 is using a new technique to spread and avoid detection. The malware is reportedly associated with the Carbanak group and is targeting the restaurant industry. Considering it’s effectiveness though, it’s safe to assume that either this attacker will move to other industry verticals or […]
Recent computer / network security breaches combined with the fact that it’s an election year in the US has led to asignificant amount of focus on [information] security and technology and interesting responses from [mostly] politicians on what the appropriate solution should be. One of the solutions that I have heard tossed about in the […]
Many of you may remember the previous post regarding the phishing attack at Seagate where an employee, responding to a phishing email that claimed to be from the CEO, forwarded the W-2 ‘and other data’ to an attacker. According to this article from the Inquirer, a number of affected employees have now filed a class […]
What is Social Engineering? Once again, the Social Engineering Capture The Flag (SECTF) competition at DEF CON was a huge success. Social Engineering (SE) is is basically hacking the human element in an organization, tricking the victim into giving the attacker sensitive information about the target. Attacking the human allows an attacker to bypass the […]
In the wake of the news that the 2012 LinkedIn breach was significantly larger than previously though, passwords are apparently all the rage at Microsoft these days. Specifically, Microsoft has all but declared war on passwords that it believes are ‘bad’. I am a big fan of a layered approach to security and a strong […]
Our goal as penetration testers is to learn how malicious hackers operate to compromise the confidentiality, integrity and / or availability of their victims in the real-world and integrate those attacks into our engagements. This gives our clients the most realistic experience possible so that they’re able to quickly identify an attack when it happens […]